What you'll learn

Setup Linux server as an Authoritative DNS with BIND
Setup Linux server as Caching/Recursive DNS with BIND

Course content

5 sections • 29 lectures • 4h 23m total length

Introduction3:46
DNS Concept7:28
Available DNS software5:41
Deploying DNS server3:48
Type of Name Server11:50
Bind configuration file14:54
Zone file6:26
Resource Records (part 1)8:50
Resource Records (part 2)18:21

Lab Overview5:58
Lab 1: Install BIND 912:20
By end of this lecture, student will be able to performing DNS BIND installation and its dependencies
Configure Name Server (NS) - Lab 2(a): DNS for root-server7:21
By end of this lecture, student will be able to setup DNS system for domain root
Configure Name Server (NS) - Lab 2(b): DNS for TLD15:19
By end of this lecture, student will be able to setup DNS system for domain country code Top Level Domain
Configure Name Server (NS) - Lab 2(c): DNS for Cache6:09
By end of this lecture, student will be able to setup DNS system for caching purpose
Configure Name Server (NS) - Lab 2(d): DNS for example.my12:22
By end of this lecture, student will be able to setup DNS system for domain user - example.my
Lab 3: DNS Hardening7:30
By end of this lecture, student will be able to perform hardening on DNS service
Lab 4: Troubleshooting DNS14:13

DNS Cache Poisoning (Overview)4:57
Disclaimer: This part for educational purpose only. You can use it to test on your own DNS cache setup for this course only. Do not try to attempt to break in something that not belong to you.

You will be demonstrated how DNS cache poisoning work by just minor modification from earlier lab setup. By realising the threats of DNS cache poisoning, you will understand the needs for DNSSEC.
DNS Cache Poisoning (Demo)9:15
Disclaimer: This part for educational purpose only. You can use it to test on your own DNS cache setup for this course only. Do not try to attempt to break in something that not belong to you.

You will be demonstrated how DNS cache poisoning work by just minor modification from earlier lab setup. By realising the threats of DNS cache poisoning, you will understand the needs for DNSSEC.

Data Protection with DNSSEC (Theory)13:28
DNSSEC introduction and protected area in DNS flow
Data Protection with DNSSEC (Lab) - part 16:49
Enable DNSSEC at Authentication DNS (part 1)
Data Protection with DNSSEC (Lab) - part 25:50
Enable DNSSEC at Authentication DNS (part 2)
Data Protection with DNSSEC (Lab) - part 39:18
Test DNSSEC and add DS key to parent/registrar
Data Protection with DNSSEC (Lab) - part 410:29
Enable DNSSEC and Validation at Cache DNS
Data Protection with DNSSEC (Lab) - part 513:24
Key Rollover is by far the most terrifying part of DNSSEC
If rollover is done incorrectly, the zone affected "goes dark" and is unavailable to clients of validating servers
ZSK signs all authoritative RRsets in the zone (except delegation NS records and glue)
Learn how to perform ZSK rollover:
Create new ZSK key
Activate Passive ZSK
Generate & Add New Passive ZSK
Data Protection with DNSSEC (Lab) - part 69:40
Key Rollover is by far the most terrifying part of DNSSEC
If rollover is done incorrectly, the zone affected "goes dark" and is unavailable to clients of validating servers
KSK signs only the DNSKEY RRset in a zone
Learn how to perform KSK rollover:
Create New KSK
Remove old KSK and Re-Sign Zone

Requirements

Basic Linux and Networking knowledge
Familiar with virtualization software i.e: VirtualBox or Cloud platform

Description

Want to learn how DNS servers are configured from Root Level, Top Level (TLD) and Second Level Domains (2LD)? If yes, then this course is the right choice for you. You will understand parent and child/sub-domain works by configuring Root Level until Second Level Domain.

This isolated DNS environment will be useful for you to conduct any testing related to your DNS without touching your live DNS.

In this course, you will learn:

Understand how Authoritative and Cache DNS works
Lean how to setup Authoritative and Cache DNS in proper way
Perform BIND hardening on your DNS servers
DNS Troubleshooting and understand common mistakes by DNS administrators
DNS Cache Poisoning demo targeting on vulnerable BND version
Securing your DNS servers by implementing TSIG
Securing your DNS data by implementing DNSSEC

This course was developed by ex-DNS Administrator for country-code Top Level Domain (ccTLD) for more than 6 years including applied R&D in DNS, DNS trainer and facilitator in yearly DNS training event.

Course Updates:

15-07-2019 : Added Cache Poisoning Demo, TSIG and DNSSEC

Who this course is for:

Those who are working in IT and want to understand how DNS works

What you'll learn

Explore related topics

Course content

Level : Beginner - DNS Bind (Theory)9 lectures • 1hr 21min

Level : Beginner - DNS Bind (Lab)8 lectures • 1hr 21min

DNS Cache Poisoning (bonus)2 lectures • 14min

Level : Intermediate - Server Protection with TSIG3 lectures • 18min

Level : Advanced - Data Protection with DNSSEC7 lectures • 1hr 9min

Requirements

Description

Who this course is for: